Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

startsear.ch spyware infection


  • Please log in to reply

#1
skari

skari

    New Member

  • Member
  • Pip
  • 1 posts
I would like to begin by saying I appreciate any help I get on this matter.

My problem is that my laptop is infected with the startsearch spyware which hijacked my browsers. I suspect it came with the vShare plugin. The plugin file that I downloaded is still in my download folder but hasn't been accessed again (by me). The file was downloaded August 28th 2011.

I have looked around in this forum and other forums and tried some of the suggested solutions. These include:

Firefox:
- Type in "about:config" and filter on "start". Reset values containing the startsear.ch string. This seemed to fix the issue with Firefox

Chrome (my main browser):
- Open options in Chrome and press "Manage Search Engines". In the list of "stored" search engines, startsear.ch is the default. Choosing another search engine as default and deleting the startsear.ch seems to fix the issue with chrome

Internet Explorer:
- Resetting the Home page to default in "Internet options" seemed to fix the issue with IE


Although the symptoms seem to have been fixed there might still be files that will trigger more changes to my computer. I have tried to scan the computer with Malwarebyte but it turned clean results, even before making the changes mentioned above. My Avira AntiVir also turned no results.

Now I have scanned the computer with OTL which gave the log which is attached to this post. I hope someone experienced can tell me from the log how badly my computer is infected because I see in the log that startsear.ch still shows up both under FF and IE.

I noticed this in the log
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

but when I navigate to this registry key I see
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN, Start Page = http://go.microsoft....k/?LinkId=69157

Please correct me if these do not refer to the same key.

I also noticed in the log that the vshare tv plugin is still enabled in chrome but I did not see it under chrome://plugins/.

It is tempting to simply delete the vShare plugin in my download folder and startsear.xml (seen in the log) but I don't know what to do with the inconsistency observed in the registry or the active plugin in chrome.


Again, I hope someone can help me and thanks in advance.

Attached Files

  • Attached File  OTL.Txt   100.12KB   110 downloads

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP